Mozilla opens up over Boot 2 Gecko

With the evolution of HTML5 standards gathering pace, and developers increasingly looking to produce apps for multiple platforms, Mozilla's plans to deliver an HTML5-based operating system for smartphones could have a major impact.

Given the siloed nature of existing mobile operating systems, which tie users to a specific platform with varying levels of security, Mozilla's standards-based OS with an open-application ecosystem could begin to look like an attractive prospect to consumers as well as developers.

ZDNet UK talked to Jay Sullivan, vice president of products at Mozilla, to see what difficulties the project has had to overcome, what's in store, and why Boot 2 Gecko (B2G) needs to exist at all.

Q: What's the thinking behind Boot to Gecko? Why do you think it is necessary, and why now?
HTML5 has evolved so much over the past few years that technically what we set out to do was direct the aggregation of HTML5 to the hardware. So it's a Linux kernel and device drivers, but there are no other layers of software.

If you think of the web browser running in iOS, it's sitting on Carbon and Cocoa and all these layers, and then the OS. All that stuff is not there [in B2G].

So it removes that extra layer of software, all that middleware?
Exactly. The equivalent on Android would be that there is no Dalvik. There is no Java machine. It's just the Gecko rendering engine. It's a Linux kernel and uses the same device drivers that Android uses. So if you're an OEM, you can get this thing set up in a few days, because it's using all the same drivers and stuff.

Was removing that layer of middleware the reason for building a standalone mobile platform rather than, say, something like Canonical's Ubuntu for Android, which acts as a layer on top?
All we wanted was the smallest possible kernel because we wanted the whole thing to be powered by JavaScript interfaces. So we got that on there and the next piece was, "What can't you do in JavaScript?"

Well, you can't initiate a phone call, send an SMS, do all that stuff. So we have a web API project to get that stuff up and running, and we're working to standardise all that. We're bringing all of that to the W3C [World Wide Web Consortium] as standards.

Are your hopes for the platform limited by what is already standardised, or do you have to create standards of the future as you go?
It can't be [limited by existing standards]. Stuff doesn't move fast enough to wait for standardisation. One example, in 2008, we added geolocation, so you could make a JavaScript call that would ask users if they wanted to share their location. We start by producing software and once we get to a point where it feels like it's going to work, it's the right thing, we standardise.

Some of the [other] initiatives have been, "Hey, let's write the documents first", and then wait around for the standards. We try to lead with code. We can't wait, we need telephony. We need this stuff.

That said, we are working in the open. There's nothing secret and we work with others — like Telefonica and Deutsche Telekom — and browser vendors about adding things like camera and telephony support, so we have the best chance of standardising as soon possible.

That's the technical bottom-up view, but what about the ecosystem?
Mozilla's mission is to support user choice and developer freedom on the web, and we did that successfully on desktops and now we have a lot of choice and competition — careful what you wish for — which has been really good for users. We brought the web platform a long way in the past five or six years.

Now the big risks to our mission, in a mobile environment, are users getting locked into silos. You don't really own your apps — your Android account owns your apps. You can't go home and pull out your iPad or go to your PC and access them.

We want users to have complete ownership and control of apps and their profile data.

We want users to have complete ownership and control of apps and their profile data and everything else, which fits with other initiatives like BrowserID and Persona. We wanted developers to be able to hack freely and distribute their apps to whoever they want whenever they want, which leads to the app and Mozilla Marketplace side of it.

The apps on B2G are normal HTML5 apps or sites that have been wrapped up with a little metadata information that says, "Hey, I'm an app. Here's my icon. Here's my name." So what we're trying to do is make it so that users have choice and that developers can just freely develop whatever they want without worrying about stores and gatekeepers.

We're going to have a market because people want ratings and discoverability. But what's unique about our system is that anyone can have a market for web apps, and also, you can self-publish them and the browser can help [the user] discover those web apps.

So you might be on a site and it says, "Hey, we have an app", or the browser detects there is a web app. You hit a button and you've got it and then it would show up on your phone and tablets as well. We're doing a store, but something that's much more open and distributive.

Given the parallels in some ways between B2G and Android, is there any potential for similar legal issues that could arise if operators or manufacturers get behind this and it becomes a big target?
From an IP point of view, it's all built on open-source, royalty-free stuff so far. We have the Linux kernel that has been open and free of IP taint — as far as data stream goes and device drivers — and on top of that the rest of the OS is the Gecko engine, which has been open source for a long time.

I think for someone to go after this, they'd have to go after the whole web, because that's what it is. We don't use any Android components that have been subject to litigation. I'm not a lawyer, I should say, but it seems to me like the situation there is about as good as it can be.

Is it a project that has been driven internally, or did it arise in response to customers and handset manufacturers?
It was pretty internally-driven. The biggest implementation of...

...our mission was a desktop browser, but those problems are solved. There's a lot to do there and we can always get better, so we said, "Hey, where are people today? What's our mission? What would be the most disruptive thing we could do to support that?"

The pillars were really identity and an open-app ecosystem. B2G really started last summer though, where we took the next step and said, "Wow, we have all these components. What would happen if we directly connected this stuff up to the hardware?" It turned out Telefonica had been doing something similar for even longer. I think they've been working on their stuff from sometime earlier in 2011. So when they were already working on it too and when they read about our project, we joined forces pretty quickly.

We were completely aligned on the goal, and then Deutsche Telekom got involved and Qualcomm got excited about it. It's just kind of the right thing at the right time. It's early though. I don't want to get ahead of myself. We're just starting here and we'll see where it goes.

How have manufacturers been responding to the early builds you've been showing them?
There's been a lot of interest. I think people have the shared understanding of how ecosystems evolve and they want to see an open option with more choices. Obviously, mobile devices are a growing target for people who create or distribute malicious software.

Presumably, B2G will provide the same level of security as existing established OSes?
One of the cool things about it is how it unifies app and web security models. For example, on the web today, Google Maps requests your location, and you say, "Yes, no, never, always." That happens kind of just-in-time, proportional to what you're doing. So you can decide either A, yes, this is worth it, I don't know where the hell I am, or B, no, I don't want to be sharing right now.

But if you contrast that with a mobile app today, especially Android, let's say you want to install a single-player chess app, and the app says, "We want to access your phonebook, your SMS, your location, your dialler", and it's like, whoa.

It's kind of this all-or-nothing, take-it or leave-it model and you have to pick at the time of install, and you don't really know what happens. Just look at the case of Path recently.

We have to make it so the user interface doesn't get noisy, only asks for the right stuff at the right time.

Imagine a model where there's no difference between a website and an app, where you have permissions that are proportional and are asked when you need them. We have to make it so the user interface doesn't get noisy, only asks for the right stuff at the right time, but the user should have more control over when they're going to share their whole life to play chess.

Another thing. Imagine if the whole phone respected our do-not-track initiative. Right now, just the browser does. So, say, you have an app. If it's an HTML5 app, it's just using the same web stack, so if you select do not track, then that app will be sending the do-not-track signal to those sites, so they can decide how they want to handle that. There are a lot of cool benefits to not having a separate web and native model.

Presumably you're going to add support for new technologies such as NFC over time?
Yes. NFC, Bluetooth, all that stuff is in the roadmap. First it was telephony, SMS, battery, GPS — all the stuff you really need. NFC is important now, and Bluetooth of course. That's going to be as good as any other phone, or better.

It's come a long way. One thing that's cool is that because it's HTML it's been really fast to prototype and build the interfaces. It's going to be interesting. We can't predict where this thing is going to go but it's certainly an exciting step for the industry to get behind a true HTML5 device.

And when it is ready for the masses, will it follow the same kind of update schedule as the desktop Firefox browser?
I don't know at this point. Firefox is a released product. This hasn't even hit beta yet.

So when will we see the first device?
Telefonica mentioned that their intentions were to ship something this year. So it's going to be exciting. I see more happening early next year but I don't have a firm beta date.